AWS WAF - Bot Protection Rules
Hello guys, we are looking for this WAF Rule in the AWS Marketplace. We have interest in DDOS protection further, so can anyone tell me if the F5 Bot Protection Rules could work and what "DDOS bot/tools protection means". We will use the WAF for ALB, se we need to cover the layer 7 and not sure which kind of protection this can give us? If some hackers pretend to make a DDOS attack trough our Load Balancer, will be covered? "F5's Managed Rules for AWS WAF offer an additional layer of protection that can be easily applied to your AWS WAF. F5's Bot Protection rules analyze all incoming requests and block any malicious bot activities identified, including DDoS tools, vulnerability scanners, web scrapers, and forum spam tools"Editing iRule for Maintainance Page with image local in F5 Big-IP iFile
Dear Community, I hope this message finds you well. I am reaching out to request your assistance in editing the iRule to redirect users to a maintenance page when all nodes are down. While the iRule is currently functioning as intended, I would like to incorporate images that represent our organization and application for users. I have successfully uploaded the images to F5 using iFile however, I am uncertain about how to reference these images within the HTML code of the iRule. Attached below, you will find a screenshot of the current page and a visual representation of the desired maintenance page. The code below: =================================================================================== when HTTP_REQUEST { if { [active_members [LB::server pool]] == 0 } { HTTP::respond 503 content " <!DOCTYPE html> <html lang='en'> <head> <meta charset='UTF-8'> <meta name='viewport' content='width=device-width, initial-scale=1.0'> <title>Maintenance Page</title> <style> body { font-family: Arial, sans-serif; background-color: #f4f4f4; color: rgb(27, 131, 111); display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0; text-align: center; } .container { background: white; padding: 20px; border-radius: 8px; box-shadow: 0 2px 10px rgba(0, 0, 0, 0.1); } h1 { font-size: 2em; margin: 0; } p { font-size: 1.2em; } .logos { margin-bottom: 20px; } .logos img { height: 150px; margin: 0 15px; } .gear-icon { font-size: 3em; color: rgb(27, 131, 111); } @media (max-width: 600px) { h1 { font-size: 1.5em; } p { font-size: 1em; } } </style> </head> <body> <div class='container'> <div class='logos'> <img src='/iFiles/Blackboard-LOGO' alt='Blackboard Logo'> <img src='/iFiles/PSAU-LOGO' alt='PSAU Logo'> </div> <h1>We'll be back soon!</h1> <p>Our website is currently undergoing maintenance. We are working hard to improve your experience. Stay tuned!</p> <p>! الموقع حاليا تحت الصيانة, نحن نعمل بجد لتحسين تجربة المستخدم، ترقبوا</p> <div class='gear-icon'>⚙️</div> </div> </body> </html> " "Content-Type" "text/html" } else { switch [HTTP::uri] { "/iFiles/Blackboard-LOGO" { HTTP::respond 200 content [ifile get "Blackboard-LOGO"] "Content-Type" "image/png" } "/iFiles/PSAU-LOGO" { HTTP::respond 200 content [ifile get "PSAU-LOGO"] "Content-Type" "image/png" } default { # Optionally handle requests for other pages here } } } } ================================================================================= Thank you in advance for your support. Regards Omran Mohamed
F5 & TACACS communication
Hello Community, I am currently working to find RCA for an issue in which during Datacentre fail-over testing, we unable to to login to F5 and assuming their is communication issue between F5 and TACACS Server, and I have a few questions regarding how the authentication process works and how failover occurs when the primary TACACS server is unavailable. Here are my questions: Packet Exchange: How does TACACS function at the packet level when F5 sends authentication requests? What types of packets are exchanged between F5 and the TACACS server during authentication? Failover to Secondary TACACS Server: When the primary TACACS server is down or unreachable, how does F5 detect this and automatically send authentication requests to the secondary TACACS server? What type of packets and log entries should we see on the F5 side when this occurs? Timeout and Retry Behavior: How many retry attempts does F5 make before switching to the secondary TACACS server? How long does F5 wait before retrying, and is this configurable? I would appreciate any insights, best practices, or references to relevant documentation that can help clarify these points. Even packet capture also helps as this is not feasible for me to reproduce issue. Thanks in advance for your help! Best regards, Pradeep
Telemetry streaming to Elasticsearch
Hi all I am following a couple of threads since I want to send ASM logging to Elasticsearch like this one from Greg What I understand is that I need to send an AS3 declaration and a TS declaration. But there are a couple of things not entirely clear to me. 1. Can I remove the iRule, Service_TCP, Pool, Log_Destination, Log_Publisher and Traffic_Log_profile declarations from the AS3 declaration json? In the example the telemetry_asm_security_log_profile does not seem to depend on these? 2. In the AS declaration json an IP address is specified 255.255.255.254 (perhaps just an example since it is a subnet mask) and also in the TS declaration where it is 172.16.60.194. How are the IP in the servers section of the AS3 declaration related to the one in the consumer part in the TS declaration? 3. In telemetry_asm_security_log_profile the field remoteStorage is set to splunk. According to the reference guide: Reference Guide security-log-profile-application-object the allowed values are “remote”, “splunk”, “arcsight”, “bigiq”. I would opt for just remote. Is that the correct choice? Regards Hans
cannot find Security -> Application Security: Headers: Cookie List
Hello F5 Community, My WAF trial VM runs on 17.1.1.4. I cannot find Security -> Application Security: Headers: Cookie List in the WAF. Is that feature removed or Located in new place. I searched over internet but I could not find a resolution. Security -> Application Security : Security Polices : Policy -> HTTP Message Protection -> Cookies Also empty.
Need iRule to block the traffic for specific URL
Hello Can somebody help on this please? I have LTM appliance & Virtual server 'https://www100.test.com' hosted. The requirement I have is to block all the traffic destinated to one of the application 'https://www100.test.com/ce' - is this something achievable by iRule If so do you have any idea on the iRule? Would appreciate somebody can help. Have seen this - https://support.f5.com/csp/article/K74012450 but that is looking too complex to me. Thanks
Redirect https to https virtual server Certificate question
Hi, i have to redirect a https request to a https virtual server , i have in mind to use an irule as follows: when HTTP_REQUEST { set url [HTTP::uri] if {[regexp {"STRING"} $url]} { virtual /Common/MyVirtual } } To do so , i have to set the HTTP profile (client) to http to be able to assing the corresponding Irule to the VS, but requests doesnt work as i have to select the SSL Profile , here the problem. i created a new SSL client profile and tried to set the Certificate Key chain, but doesnt work ( i think i did it wrong) The source https request is using a certificate, that i can see already stored at the F5 , inside file ca-bundle.crt , also from the source server i was able to get the certificate and tried to create a new certificate , but doesnt work , i think i'm missing the key or something. When creating the certificate it's mandatory to generate it as Certificate Authority? or it can be self? Note: i'm not very good at certificates with F5 , i know how to create irules, manage the F5 and so on .. but i'm lost with the certificates part. Thanks in advance.
F5 r10800 not connected to Cisco Nexus 9000
10G and 25G interfaces on F5 rSeries 10800 (F5os version 1.5.2 ) port fail to establish links with Cisco Nexus switches C93360YC-FX2 (nxos version 9.3.5) both side module model are: type is SFP-H25GB-SR name is F5 NETWORKS INC. part number is OPT-0053 is ther a solution to this problem??About Vulnerability Countermeasures
Thank you for your assistance. I would like to know if the following product is effective as a vulnerability countermeasure. Product name: F5 Rules for AWS WAF Common Vulnerabilities and Exposures Target vulnerability: CVE-2021-26691 CVE-2021-26690 CVE-2020-35452 We apologize for the inconvenience, but we would appreciate it if you could check on this issue as soon as possible. Thank you in advance for your cooperation.
